[Oisf-users] Suricata and XDP

Nelson, Cooper cnelson at ucsd.edu
Fri Jun 21 18:14:33 UTC 2019


That is the same thing as far as I can tell, so it's probably not my system.

Details of that specific error are here:

https://lwn.net/Articles/740157/

>The eBPF in-kernel verifier
>There are inherent security and stability risks with allowing user-space code to run inside the kernel. So, a number of checks are performed on every eBPF program before it is loaded. The first test ensures that the eBPF program terminates and does not contain any loops that could cause the kernel to lock up. This is checked by doing a depth-first search of the program's control flow graph (CFG). Unreachable instructions are strictly prohibited; any program that contains unreachable instructions will fail to load.

>The second stage is more involved and requires the verifier to simulate the execution of the eBPF program one instruction at a time. The virtual machine state is checked before and after the execution of every instruction to ensure that register and stack state are valid. Out of bounds jumps are prohibited, as is accessing out-of-range data.

It would be helpful if there was a way to check the 'lb.bpf' file against the kernel verifier using some sort of verbose logging, to see exactly why it is failing.  It would be much easier to debug in that case (any ideas Eric?).

I very much want to get this working as I'm fairly certain it will resolve the #2725 support ticket.

-Coop
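
The first verifier stage described in the quoted LWN text (a depth-first search of the control flow graph that rejects loops, out-of-range jumps and unreachable instructions), as an added example that is not part of the original message and is not the kernel's code. The instruction model, `toy_check_cfg` and the sample programs are assumptions constructed for illustration.

```c
#include <stdio.h>
/* Simplified instruction model (assumption for this sketch, not the real
 * struct bpf_insn). A jump at index i targets i + 1 + off, as in eBPF. */
enum kind { OP, JA, JCOND, EXIT };
struct insn { enum kind k; int off; };

enum result { CFG_OK, CFG_LOOP, CFG_OUT_OF_RANGE, CFG_UNREACHABLE, CFG_BAD_LENGTH };
enum { WHITE, GREY, BLACK };   /* unvisited, on current DFS path, finished */
#define MAX_INSNS 64

static enum result visit(const struct insn *p, int n, int i, int *state)
{
    int next[2], cnt = 0;
    if (i < 0 || i >= n) return CFG_OUT_OF_RANGE; /* jump or fall-through leaves the program */
    if (state[i] == GREY) return CFG_LOOP;        /* back-edge to an insn on the current path */
    if (state[i] == BLACK) return CFG_OK;         /* already fully explored */
    state[i] = GREY;
    if (p[i].k == JA || p[i].k == JCOND) next[cnt++] = i + 1 + p[i].off;
    if (p[i].k == OP || p[i].k == JCOND) next[cnt++] = i + 1;
    for (int j = 0; j < cnt; j++) {
        enum result r = visit(p, n, next[j], state);
        if (r != CFG_OK) return r;
    }
    state[i] = BLACK;
    return CFG_OK;
}

/* Hypothetical helper: first-stage check over a toy program. */
enum result toy_check_cfg(const struct insn *p, int n)
{
    int state[MAX_INSNS] = {0};
    if (n <= 0 || n > MAX_INSNS) return CFG_BAD_LENGTH;
    enum result r = visit(p, n, 0, state);
    if (r != CFG_OK) return r;
    for (int i = 0; i < n; i++)
        if (state[i] == WHITE) return CFG_UNREACHABLE; /* never reached from insn 0 */
    return CFG_OK;
}

/* Constructed sample programs. */
static const struct insn prog_ok[]      = { {OP,0}, {JCOND,1}, {OP,0}, {EXIT,0} };
static const struct insn prog_loop[]    = { {OP,0}, {JCOND,-2}, {EXIT,0} };
static const struct insn prog_unreach[] = { {JA,1}, {OP,0}, {EXIT,0} };
static const struct insn prog_oob[]     = { {JCOND,5}, {EXIT,0} };
int main(void)
{
    printf("%d %d %d %d\n", toy_check_cfg(prog_ok, 4), toy_check_cfg(prog_loop, 3), toy_check_cfg(prog_unreach, 3), toy_check_cfg(prog_oob, 2));
    return 0;
}
```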
 
-----Original Message-----
From: Peter Manev <petermanev at gmail.com> 
Sent: Friday, June 21, 2019 2:09 AM
To: Nelson, Cooper <cnelson at ucsd.edu>
Cc: Eric Leblond <eric at regit.org>; oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Suricata and XDP


I've seen a similar err like that once before here - https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-September/016170.html
though I don't think it's the same case or related necessarily.


--
Regards,
Peter Manev

